package com.ai.wxy.spring.auth.security;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.AccessDeniedException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * 没有权限访问处理
 *
 * @author 石头
 * @Date 2019/11/5
 * @Version 1.0
 **/
@Slf4j
public class AccessDeniedHandler implements org.springframework.security.web.access.AccessDeniedHandler{
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException) throws IOException, ServletException {
        /**
         * 当用户尝试访问安全的REST资源没有足够权限时，将调用此方法发送403 响应
         */
        response.sendError(HttpServletResponse.SC_FORBIDDEN, authException==null?"Unauthorized":authException.getMessage());
        //throw new WebException(ExceptionEnum.USER_ACCESS_ERROR);
    }
}
